Buffer Overflow in X Render Extension for X.org X Server
CVE-2006-1526

Currently unrated

Key Information:

Vendor: X.org
Status: X11r6
Vendor: CVE Published:; 2 May 2006

What is CVE-2006-1526?

A buffer overflow vulnerability exists within the X render extension of X.org X server, specifically in versions 6.8.0 and higher. This flaw can be exploited by attackers to trigger a denial of service, causing the system to crash. The vulnerability arises from an incorrect memory allocation due to a typographical error in the code, where an '&' operator was mistakenly utilized instead of a '*' operator in the XRenderCompositeTriStrip and XRenderCompositeTriFan requests. Exploitation of this flaw can compromise system stability and accessibility.

References

http://www.redhat.com/support/errata/RHSA-2006-0451.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/19921

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/19943

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2006
Vulnerability Reserved
Mar 30, 2006